Runtime kernel patching has been around for almost ten years and is a technique frequently used by various rootkits to subvert the kernel's used in many modern operating systems.

This technique does not require any types of kernel modules or extensions and will allow you to hide various things like processes, files, folders and network connections by modifying the kernel's memory directly. It will also allow you to place various backdoors in the kernel for privilege escalation.

This talk will discuss runtime kernel patching on Apple's operating system Mac OS X and the XNU kernel. We will cover some rootkit basics as well as some Mac OS X specific 'features' which will facilitate our journey into the deepest parts of the darwin operating system and the XNU kernel.

As a bonus we will also show some basic methods for rootkit detection on Mac OS X that will aid you in the process of detecting rootkits that utilize runtime kernel patching to stay hidden.

Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.